文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >在spring安全3 xml配置中启用xframe选项

在spring安全3 xml配置中启用xframe选项
EN

Stack Overflow用户
提问于 2021-09-15 07:48:05
回答 1查看 154关注 0票数 0

在spring安全性中,我在http标记下添加了headers标记,用于xframe-选项,如下所示:

代码语言:javascript
复制
<http auto-config="true"  use-expressions="true">
            <intercept-url pattern="/rateWebService" access="hasRole('ROLE_ADMIN')" />
            <intercept-url pattern="/**" access="permitAll" />
            <form-login login-page="/loginA2B" login-processing-url="/j_spring_security_check"  default-target-url="/rateWebService" authentication-failure-url="/loginA2B?valid=false" />
            <logout logout-url="/j_spring_security_logout" logout-success-url="/logout"  />
    <headers>
            <frame-options policy="SAMEORIGIN"/>
    </headers>
  </http>

抛出一个异常,表示spring安全模式不识别headers标记。我正在使用SpringSecurity3(在xml中有所有必要的模式位置,我相信给定的标题是http的子标记)。是我做错了什么,还是弹簧安全3不支持设置标题。下面是堆栈跟踪:

代码语言:javascript
复制
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 86 in XML document from ServletContext resource [/WEB-INF/security.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 86; columnNumber: 12; cvc-complex-type.2.4.a: Invalid content was found starting with element 'headers'. One of '{"http://www.springframework.org/schema/security":intercept-url, "http://www.springframework.org/schema/security":access-denied-handler, "http://www.springframework.org/schema/security":form-login, "http://www.springframework.org/schema/security":openid-login, "http://www.springframework.org/schema/security":x509, "http://www.springframework.org/schema/security":http-basic, "http://www.springframework.org/schema/security":logout, "http://www.springframework.org/schema/security":session-management, "http://www.springframework.org/schema/security":remember-me, "http://www.springframework.org/schema/security":anonymous, "http://www.springframework.org/schema/security":port-mappings, "http://www.springframework.org/schema/security":custom-filter, "http://www.springframework.org/schema/security":request-cache}' is expected.
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:174)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:209)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180)
    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
    at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:131)
    at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:522)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:436)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:384)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4206)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4705)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
    at org.apache.catalina.core.StandardService.start(StandardService.java:525)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: org.xml.sax.SAXParseException; lineNumber: 86; columnNumber: 12; cvc-complex-type.2.4.a: Invalid content was found starting with element 'headers'. One of '{"http://www.springframework.org/schema/security":intercept-url, "http://www.springframework.org/schema/security":access-denied-handler, "http://www.springframework.org/schema/security":form-login, "http://www.springframework.org/schema/security":openid-login, "http://www.springframework.org/schema/security":x509, "http://www.springframework.org/schema/security":http-basic, "http://www.springframework.org/schema/security":logout, "http://www.springframework.org/schema/security":session-management, "http://www.springframework.org/schema/security":remember-me, "http://www.springframework.org/schema/security":anonymous, "http://www.springframework.org/schema/security":port-mappings, "http://www.springframework.org/schema/security":custom-filter, "http://www.springframework.org/schema/security":request-cache}' is expected.
    at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
    at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
    at org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown Source)
    at org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source)
    at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown Source)
    at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source)
    at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
    at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
    at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
    at org.springframework.beans.factory.xml.DefaultDocumentLoader.loadDocument(DefaultDocumentLoader.java:75)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:388)
    ... 28 more
spring
spring-security
x-frame-options
java
EN

回答 1

Stack Overflow用户

回答已采纳

发布于 2021-09-15 08:35:34

报头支持是在SpringSecurity3.2中添加的,您可以声明您使用的是3.1,它不包含头支持。

警告:SpringSecurity3.2已经有一段时间没有更新了,并且已经被许多版本所取代。它也不再支持,所以我强烈建议升级到5.x范围(这是支持的)。

票数 2
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/69189025

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档